Page 249 - Handout Computer Network.
P. 249
Computer Network 2026
• During the first exchange of messages, the two sides use Diffie-Hellman (see Homework
Problems) to create a bi-directional IKE SA between the routers.
To keep us all confused, this bi-directional IKE SA is entirely different from the IPsec SAs . The IKE
SA provides an authenticated and encrypted channel between the two routers. During this first
message pair exchange, keys are established for encryption and authentication for the IKE SA.
Also established is a master secret that will be used to compute IPSec SA keys later in phase 2.
Observe that during this first step, RSA public and private keys are not used. In particular, neither
R1 nor R2 reveals its identity by signing a message with its private key.
• During the second exchange of messages, both sides reveal their identity to each other by
signing their messages. However, the identities are not revealed to a passive sniffer, since the
messages are sent over the secured IKE SA channel. Also, during this phase, the two sides
negotiate the IPsec encryption and authentication algorithms to be employed by the IPsec SAs.
In phase 2 of IKE, the two sides create an SA in each direction. At the end of phase 2, the
encryption and authentication session keys are established on both sides for the two SAs.
The two sides can then use the SAs to send secured datagrams, The primary motivation for
having two phases in IKE is computational cost—since the second phase doesn’t involve any
public key cryptography, IKE can generate a large number of SAs between the two IPsec entities
with relatively little computational cost.
7.5 Securing Wireless LANs and 4G/5G Cellular Networks
Security is a particularly important concern in wireless networks, where the attacker can sniff
frames by simply positioning a receiving device anywhere within the trans mission range of the
sender. This is true in both 802.11 wireless LANs, as well as in 4G/5G cellular networks. In both
settings, we’ll see extensive use of the fundamental security techniques that we studied earlier
in this chapter, including the use of nonces for authentication, cryptographic hashing for
message integrity, derivation of shared symmetric keys for encrypting user-session data, and the
extensive use of the AES encryption standard.
We will also see, as is also the case in wired Internet settings, that wireless security protocols
have undergone constant evolution, as researchers and hackers discover weaknesses and flaws
in existing security protocols. In this section, we present a brief introduction to wireless security
in both 802.11(WiFi) and 4G/5G settings. For a more in-depth treatment, see the highly read able
802.11 security books [Edney 2003; Wright 2015], the excellent coverage of 3G/4G/5G security
in [Sauter 2014], and recent surveys [Zou 2016; Kohlios 2018]. 8.8.1 Authentication and Key
Agreement in 802.11 Wireless LANs Let’s start our discussion of 802.11 security by identifying
two (of many [Zou 2016]) critical security concerns that we’ll want an 802.11 network to handle:
• Mutual authentication. Before a mobile device is allowed to fully attach to an access point and
send datagrams to remote hosts, the network will typically want to first authenticate the
device—to verify the identity of the mobile device attaching to the network, and to check that
device’s access privileges. Similarly, the mobile device will want to authenticate the network to
which it is attaching—to make sure that the network it is joining is truly the network to which it
wants to attach. This two-way authentication is known as mutual authentication.
• Encryption. Since 802.11 frames will be exchanged over a wireless channel that can be sniffed
and manipulated by potential ne’er do-wells, it will be important to encrypt link-level frames
289
